Security and Communication Networks / 2019 / Article / Tab 1

Research Article

Efficient Extraction of Network Event Types from NetFlows

Table 1

Distribution of communication data captured within a university network over selected, potentially malicious, classes.

Event type Severity#IPs#events#flows

ssh cracking91493412291538

ssh cracking response91433406287686

port scan (in/out, tcp)79961746321732

port scan (tcp)75391486125799

port scan (vertical, tcp)7461485

dns tunnel-like behavior661414

dns tunnel-responses-like behavior6466

p2p-like behavior (tcp)62381009215333

p2p-like behavior (udp)61359156886345

p2p-responses-like behavior (tcp)632742250956

p2p-responses-like behavior (udp)61475424985336

data transfer (tcp)42444639108729

data transfer (udp)49479326026

icmp traffic41127637093315

scan-like behavior (horizontal, tcp)4940116511358

scan-like behavior (horizontal, udp)41102228

scan-like behavior (vertical, tcp)463729969

scan-like behavior (vertical, udp)43175700

scan-responses-like behavior (horizontal, tcp)430037425489

scan-responses-like behavior (horizontal, udp)4000

scan-responses-like behavior (vertical, tcp)474832785

scan-responses-like behavior (vertical, udp)43268495

We are committed to sharing findings related to COVID-19 as quickly as possible. We will be providing unlimited waivers of publication charges for accepted research articles as well as case reports and case series related to COVID-19. Review articles are excluded from this waiver policy. Sign up here as a reviewer to help fast-track new submissions.